VPN clients not able to ping Remote PCs & Servers : ASA 5520

The VPN connects successfully, but I am not able to ping any remote IP or FQDN from the client PC. I am able to ping the ASA 5520 firewall's inside interface. Also, some clients are able to access, and some are not. I am new to these firewalls. I have tried most of the ways from the internet; please, can anyone help ASAP?
Remote IP section: 192.168.1.0/24
VPN IP Pool : 192.168.5.0/24
Running Config :
 ip address 192.168.1.2 255.255.255.0
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
passwd z40TgSyhcLKQc3n1 encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone GST 4
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 213.42.20.20
 domain-name default.domain.invalid
access-list outtoin extended permit tcp any host 83.111.113.114 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.113 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq smtp
access-list outtoin extended permit tcp any host 83.111.113.114 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq www
access-list outtoin extended permit tcp any host 83.111.113.115 eq https
access-list outtoin extended permit tcp any host 94.56.148.98 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.117 eq ssh
access-list fualavpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list inet_in extended permit icmp any any time-exceeded
access-list inet_in extended permit icmp any any unreachable
access-list inet_in extended permit icmp any any echo-reply
access-list inet_in extended permit icmp any any echo
pager lines 24
logging enable
logging asdm informational
logging from-address [email protected]
logging recipient-address [email protected] level errors
logging recipient-address [email protected] level emergencies
logging recipient-address [email protected] level errors
mtu outside 1500
mtu inside 1500
ip local pool fualapool 192.168.5.10-192.168.5.50 mask 255.255.255.0
ip local pool VPNPool 192.168.5.51-192.168.5.150 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound outside
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 94.56.148.98 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 83.111.113.114 192.168.1.111 netmask 255.255.255.255
access-group inet_in in interface outside
route outside 0.0.0.0 0.0.0.0 83.111.113.116 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 10
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 intercept-dhcp 255.255.255.255 disable
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 msie-proxy server none
 msie-proxy method no-modify
 msie-proxy except-list none
 msie-proxy local-bypass disable
 nac disable
 nac-sq-period 300
 nac-reval-period 36000
 nac-default-acl none
 address-pools none
 client-firewall none
 client-access-rule none
 webvpn
  functions url-entry
  html-content-filter none
  homepage none
  keep-alive-ignore 4
  http-comp gzip
  filter none
  url-list none
  customization value DfltCustomization
  port-forward none
  port-forward-name value Application Access
  sso-server none
  deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
  svc none
  svc keep-installer installed
  svc keepalive none
  svc rekey time none
  svc rekey method none
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
group-policy fualavpn internal
group-policy fualavpn attributes
 dns-server value 192.168.1.111 192.168.1.100
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value fualavpn_splitTunnelAcl
username test password I7ZgrgChfw4FV2AW encrypted privilege 0
username Mohamed password Vqmmt8cR/.Qu7LhU encrypted privilege 0
username Moghazi password GMr7xgdqmGEQ2SVR encrypted privilege 0
username Moghazi attributes
 password-storage enable
username fualauaq password E6CgvoOpTKphiM2U encrypted privilege 0
username fualauaq attributes
 password-storage enable
username fuala password IFtijSYb7LAOV/IW encrypted privilege 15
username Basher password Djf15nXIJXmayfjY encrypted privilege 0
username Basher attributes
 password-storage enable
username fualafac password VGC/7cKXW1A6eyXS encrypted privilege 0
username fualafac attributes
 password-storage enable
username fualaab password ONTH8opuP4RKgRXD encrypted privilege 0
username fualaab attributes
 password-storage enable
username fualaadh2 password mNEgLxzPBeF4SyDb encrypted privilege 0
username fualaadh2 attributes
 password-storage enable
username fualaain2 password LSKk6slwsVn4pxqr encrypted privilege 0
username fualaain2 attributes
 password-storage enable
username fualafj2 password lE4Wu7.5s7VXwCqv encrypted privilege 0
username fualafj2 attributes
 password-storage enable
username fualakf2 password 38oMUuwKyShs4Iid encrypted privilege 0
username fualakf2 attributes
 password-storage enable
username fualaklb password .3AMGUZ1NWU1zzIp encrypted privilege 0
username fualaklb attributes
 password-storage enable
username fualastr password RDXSdBgMaJxNLnaH encrypted privilege 0
username fualastr attributes
 password-storage enable
username fualauaq2 password HnjodvZocYhDKrED encrypted privilege 0
username fualauaq2 attributes
 password-storage enable
username fualastore password wWDVHfUu9pdM9jGj encrypted privilege 0
username fualastore attributes
 password-storage enable
username fualadhd password GK8k1MkMlIDluqF4 encrypted privilege 0
username fualadhd attributes
 password-storage enable
username fualaabi password eYL0j16kscNhhci4 encrypted privilege 0
username fualaabi attributes
 password-storage enable
username fualaadh password GTs/9BVCAU0TRUQE encrypted privilege 0
username fualaadh attributes
 password-storage enable
username fualajuh password b9QGJ1GHhR88reM1 encrypted privilege 0
username fualajuh attributes
 password-storage enable
username fualadah password JwVlqQNIellNgxnZ encrypted privilege 0
username fualadah attributes
 password-storage enable
username fualarak password UE41e9hpvcMeChqx encrypted privilege 0
username fualarak attributes
 password-storage enable
username fualasnk password ZwZ7fVglexrCWFUH encrypted privilege 0
username fualasnk attributes
 password-storage enable
username rais password HrvvrIw5tEuam/M8 encrypted privilege 0
username rais attributes
 password-storage enable
username fualafuj password yY2jRMPqmNGS.3zb encrypted privilege 0
username fualafuj attributes
 password-storage enable
username fualamaz password U1YUfQzFYrsatEzC encrypted privilege 0
username fualamaz attributes
 password-storage enable
username fualashj password gN4AXk/oGBTEkelQ encrypted privilege 0
username fualashj attributes
 password-storage enable
username fualabdz password tg.pB7RXJx2CWKWi encrypted privilege 0
username fualabdz attributes
 password-storage enable
username fualamam password uwLjc0cV7LENI17Y encrypted privilege 0
username fualamam attributes
 password-storage enable
username fualaajm password u3yLk0Pz0U1n.Q0c encrypted privilege 0
username fualaajm attributes
 password-storage enable
username fualagrm password mUt3A60gLJ8N5HVr encrypted privilege 0
username fualagrm attributes
 password-storage enable
username fualakfn password ceTa6jmvnzOFNSgF encrypted privilege 0
username fualakfn attributes
 password-storage enable
username Fualaain password Yyhr.dlc6/J7WvF0 encrypted privilege 0
username Fualaain attributes
 password-storage enable
username fualaban password RCJKLGTrh7VM2EBW encrypted privilege 0
username John password D9xGV1o/ONPM9YNW encrypted privilege 15
username John attributes
 password-storage disable
username wrkshopuaq password cFKpS5e6Whp0A7TZ encrypted privilege 0
username wrkshopuaq attributes
 password-storage enable
username Talha password 3VoAABwXxVonLmWi encrypted privilege 0
username Houssam password Cj/uHUqsj36xUv/R encrypted privilege 0
username Faraj password w2qYfE3DkYvS/oPq encrypted privilege 0
username Faraj attributes
 password-storage enable
username gowth password HQhALLeiQXuIzptCnTv1rA== nt-encrypted privilege 15
username Hameed password 0Kr0N1VRmLuWdoDE encrypted privilege 0
username Hameed attributes
 password-storage enable
username Hassan password Uy4ASuiNyEd70LCw encrypted privilege 0
username cisco password IPVBkPI1GLlHurPD encrypted privilege 15
username Karim password 5iOtm58EKMyvruZA encrypted privilege 0
username Shakir password BESX2bAvlbqbDha/ encrypted privilege 0
username Riad password iB.miiOF7qMESlCL encrypted privilege 0
username Azeem password 0zAqiCG8dmLyRQ8f encrypted privilege 15
username Azeem attributes
 password-storage disable
username Osama password xu66er.7duIVaP79 encrypted privilege 0
username Osama attributes
 password-storage enable
username Mahmoud password bonjr0B19aOQSpud encrypted privilege 0
username alpha password x8WO0aiHL3pVFy2E encrypted privilege 15
username Wissam password SctmeK/qKVNLh/Vv encrypted privilege 0
username Wissam attributes
 password-storage enable
username Nabil password m4fMvkTgVwK/O3Ms encrypted privilege 0
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.4 255.255.255.255 inside
http 192.168.1.100 255.255.255.255 inside
http 192.168.1.111 255.255.255.255 inside
http 192.168.1.200 255.255.255.255 inside
http 83.111.113.117 255.255.255.255 outside
http 192.168.1.17 255.255.255.255 inside
http 192.168.1.16 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn general-attributes
 address-pool fualapool
 address-pool VPNPool
 default-group-policy fualavpn
tunnel-group fualavpn ipsec-attributes
 pre-shared-key *
tunnel-group fualavpn ppp-attributes
 authentication pap
 authentication ms-chap-v2
 authentication eap-proxy
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns migrated_dns_map_1
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect icmp error
service-policy global_policy global
prompt hostname context
Cryptochecksum:38e41e83465d37f69542355df734db35
: end
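The symptom in the post (clients can ping the ASA's inside interface but nothing behind it, and only some clients are affected) almost always comes down to the pre-8.3 NAT plumbing: the address pool must be a destination in the `nat (inside) 0` exemption ACL, and with `split-tunnel-policy tunnelspecified` the split-tunnel networks must be the exempt sources, otherwise replies to clients are PATed by the dynamic `nat (inside) 1` rule. The script below is an added example, not code from this thread or from Cisco: it parses a constructed excerpt of the config above with a few regexes (only the subnet/mask forms of the commands; `host` and `object-group` ACL entries are skipped, which is an assumption of this toy parser), checks pool against NAT exemption and split tunnel against exempt sources, and as a side check flags the `http`, `telnet` and `ssh` lines that allow management from any address on the outside interface. It goes slightly beyond the post by also handling a constructed variant in which the exemption ACL covers only half of the pool subnet, which is exactly the "some clients work, some don't" pattern.

```python
"""Consistency check for the remote-access VPN pieces of a pre-8.3 ASA config.

Added example, not code from the thread. It parses only the subnet/mask forms
of the commands shown in the post (host/object-group ACL entries are skipped).
"""
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"

# Constructed excerpt of the config posted above: only the lines this check reads.
SAMPLE_CONFIG = """\
access-list fualavpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
ip local pool fualapool 192.168.5.10-192.168.5.50 mask 255.255.255.0
ip local pool VPNPool 192.168.5.51-192.168.5.150 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound outside
nat (inside) 1 192.168.1.0 255.255.255.0
group-policy fualavpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value fualavpn_splitTunnelAcl
http 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
"""

# Constructed variant: the NAT-exempt ACL covers only the first half of the pool subnet,
# so clients that draw an address above .127 lose reachability while the rest work.
BROKEN_CONFIG = SAMPLE_CONFIG.replace(
    "192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0",
    "192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.128",
)


def _net(addr, mask):
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)


def parse_config(text):
    """Extract pools, ACL networks, nat 0 bindings, the split-tunnel ACL and open management lines."""
    cfg = {"pools": {}, "acls": {}, "nat0": {}, "split_acl": None, "mgmt_open": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"ip local pool (\S+) (\S+)-(\S+) mask", line):
            cfg["pools"][m[1]] = (ipaddress.IPv4Address(m[2]), ipaddress.IPv4Address(m[3]))
        elif m := re.match(rf"access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}$", line):
            cfg["acls"].setdefault(m[1], []).append((_net(m[2], m[3]), _net(m[4], m[5])))
        elif m := re.match(rf"access-list (\S+) standard permit {IP} {IP}$", line):
            cfg["acls"].setdefault(m[1], []).append((_net(m[2], m[3]), None))
        elif m := re.match(r"nat \((\S+)\) 0 access-list (\S+)", line):
            cfg["nat0"][m[1]] = m[2]
        elif m := re.match(r"split-tunnel-network-list value (\S+)", line):
            cfg["split_acl"] = m[1]
        elif m := re.match(r"(http|telnet|ssh) 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", line):
            cfg["mgmt_open"].append((m[1], m[2]))
    return cfg


def check_vpn_reachability(text, inside_ifc="inside"):
    """Return a list of findings; an empty list means pool, nat 0 and split tunnel agree."""
    cfg = parse_config(text)
    findings = []
    nat0_acl = cfg["nat0"].get(inside_ifc)
    if nat0_acl is None:
        # Without identity NAT the dynamic 'nat (inside) 1' rule translates replies to VPN clients.
        return [f"no 'nat ({inside_ifc}) 0 access-list' rule: traffic to VPN clients is not exempt from NAT"]
    exempt = cfg["acls"].get(nat0_acl, [])
    if not exempt:
        findings.append(f"nat 0 references ACL {nat0_acl}, which has no parsable 'permit ip' entries")
    # Every address in every pool must be a destination in the NAT-exempt ACL.
    for name, (first, last) in cfg["pools"].items():
        for net in ipaddress.summarize_address_range(first, last):
            if not any(dst is not None and net.subnet_of(dst) for _, dst in exempt):
                findings.append(f"pool {name}: {net} is not a destination in {nat0_acl}")
    # With tunnelspecified, every split-tunnel network must also be a NAT-exempt source.
    for net, _ in cfg["acls"].get(cfg["split_acl"], []):
        if not any(net.subnet_of(src) for src, _ in exempt):
            findings.append(f"split-tunnel network {net} is not a source in {nat0_acl}")
    # Side check: management open to any address on an interface.
    for proto, ifc in cfg["mgmt_open"]:
        findings.append(f"{proto} management is open to any address on {ifc}; restrict it to known sources")
    return findings


if __name__ == "__main__":
    for label, text in (("posted config", SAMPLE_CONFIG), ("broken variant", BROKEN_CONFIG)):
        print(f"== {label} ==")
        for finding in check_vpn_reachability(text) or ["no findings"]:
            print(" -", finding)
```

Run against the posted excerpt the pool and split-tunnel checks come back clean (the only findings are the three open management lines), so on this box the next things to look at are the per-client ones the parser cannot see: which pool the failing clients drew from, and whether the inside hosts have a route back to 192.168.5.0/24 via the ASA. The checker is written for the `nat 0 access-list` syntax the posted 7.2 config uses; it does not understand the 8.3-style `nat (outside,inside) source ...` form mentioned in the reply.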

Hi,
What about translating the traffic on the local ASA (Active unit) for traffic received from the VPN tunnel to the internal interface IP address? You can try something like nat (outside,inside) source dynamic obj-VpnRemoteTraffic interface destination static StandbyIP StandbyIP
Regards,

Similar Messages

  • WLC cannot get IP of the Wireless Clients and client not able to ping to the gateway

    Dear Cisco Expertise,
    I have configured a WLC embedded in a Cisco C3650 switch and also one AP3702I unit. The AP is now able to join the controller. My client is able to connect to the AP and get an IP address (10.127.117.1) from the DHCP server, but is unable to ping the gateway (10.127.117.254, the interface gateway). Both the switch and the AP are able to ping the interface gateway. I also tried to ping the client from the switch and from the AP, but was not able to.
    I've checked via the switch and can see the client's IP address and MAC address (using ARP):
    #sh arp vlan 77
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  10.127.117.1          0   843a.4b90.17e0  ARPA   Vlan77
    Internet  10.127.117.254          -   3c08.f6b7.2173  ARPA   Vlan77
    Need your expertise on this matter. Thank you.
    Configuration as below:
    Switch
    ip dhcp pool LWAPP_VLAN
     network 10.127.117.0 255.255.255.0
     default-router 10.127.117.254
     dns-server 10.127.113.10
     domain-name xxx.com
    vlan 77
     name LWAP_VLAN
    interface Vlan10
     ip address 10.127.112.254 255.255.255.128
    interface Vlan77
     ip address 10.127.117.254 255.255.255.0
     ip helper-address 10.127.117.254
    interface GigabitEthernet3/0/5
     description Connect to AP Test
     switchport access vlan 10
     switchport mode access
     no logging event link-status
    wireless mobility controller
    wireless management interface Vlan10
    wireless security web-auth retries 5
    wireless mgmt-via-wireless
    wlan APAC-WLAN 2 Wifi-Test
     client vlan LWAP_VLAN
     ip dhcp opt82
     ip dhcp opt82 ascii
     ip dhcp opt82 format add-ssid
     ip dhcp required
     ip dhcp server 10.127.117.254
     no security wpa akm dot1x
     security wpa akm psk set-key ascii 0 B*MY2014
     security wpa wpa2 ciphers tkip
     session-timeout 300
     no shutdown
    ap group APGroup-Test
     description "For Testing Purposes"
     wlan APAC-WLAN
      vlan LWAP_VLAN
    AP
    interface Dot11Radio0
     antenna gain 0
     stbc
     mbssid
     power client local
     packet retries 64 drop-packet
     station-role root
    interface Dot11Radio1
     antenna gain 0
     stbc
     mbssid
     power client local
     packet retries 64 drop-packet
     station-role root
    interface GigabitEthernet0
     duplex auto
     speed auto
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     bridge-group 1
     bridge-group 1 spanning-disabled
     no bridge-group 1 source-learning
    interface BVI1
     mtu 1792
     ip address 10.127.112.202 255.255.255.128
    interface Virtual-WLAN0
    ip default-gateway 10.127.112.254
    ip forward-protocol nd
    ip dns server

    Please try the SSID configuration below. WPA2 should be configured with AES, not TKIP.
    wlan APAC-WLAN 2 Wifi-Test
     client vlan LWAP_VLAN
     security wpa
     no security wpa akm dot1x
     security wpa wpa2 ciphers aes                        
     security wpa akm psk set-key ascii 0 B*MY2014
     ip dhcp required
     no shutdown
    This post should give you some help as well
    http://mrncciew.com/2013/12/04/wlan-config-in-3850-part-1/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • S2S between Cisco ASA 5505 and Sonicwall TZ-170 but not able to ping across

    Hi,
    I am helping out a friend of mine with his site-to-site VPN between his company's Cisco ASA and another company's SonicWall TZ-170. I have checked the screenshots provided by the other end and tried to match them with ours. The tunnel comes up, but we are not able to ping resources on the other end. The other side insists that the problem is on our end, but I am not sure where the issue resides. Please take a look at our config and let me know if there is anything that I have missed. I am pretty sure I didn't, but extra eyes may be needed here.
    Our LAN is 10.200.x.x/16 and theirs is 192.168.9.0/24.
    ASA Version 8.2(2)
    terminal width 300
    hostname company-asa
    domain-name Company.com
    no names
    name 10.1.0.0 sacramento-network
    name 10.3.0.0 irvine-network
    name 10.2.0.0 portland-network
    name x.x.x.x MailLive
    name 192.168.9.0 revit-vpn-remote-subnet
    dns-guard
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.128
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 10.200.200.1 255.255.0.0
    interface Ethernet0/2
    nameif dmz
    security-level 50
    ip address 172.22.22.1 255.255.255.0
    interface Ethernet0/3
    description Internal Wireless
    shutdown
    nameif Wireless
    security-level 100
    ip address 10.201.201.1 255.255.255.0
    interface Management0/0
    shutdown
    nameif management
    security-level 100
    no ip address
    management-only
    boot system disk0:/asa822-k8.bin
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup outside
    dns server-group DefaultDNS
    domain-name company.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network local_net_group
    network-object 10.1.0.0 255.255.0.0
    network-object 10.2.0.0 255.255.0.0
    network-object 10.200.0.0 255.255.0.0
    network-object 10.3.0.0 255.255.0.0
    network-object 10.4.0.0 255.255.0.0
    network-object 10.5.0.0 255.255.0.0
    network-object 10.6.0.0 255.255.0.0
    network-object 10.7.0.0 255.255.0.0
    network-object 192.168.200.0 255.255.255.0
    object-group network NACIO123
    network-object 1.1.1.1 255.255.255.224
    object-group service MAIL_HTTPS_BORDERWARE tcp
    port-object eq smtp
    port-object eq https
    port-object eq 10101
    object-group service SYSLOG_SNMP_NETFLOW udp
    port-object eq syslog
    port-object eq snmp
    port-object eq 2055
    object-group service HTTP_HTTPS tcp
    port-object eq www
    port-object eq https
    object-group network OUTSIDECO_SERVERS
    network-object host x.x.x.34
    network-object host x.x.x.201
    network-object host x.x.x.63
    object-group network NO-LOG
    network-object host 10.200.200.13
    network-object host 10.200.200.25
    network-object host 10.200.200.32
    object-group service iPhoneSync-Services-TCP tcp
    port-object eq 993
    port-object eq 990
    port-object eq 998
    port-object eq 5678
    port-object eq 5721
    port-object eq 26675
    object-group service termserv tcp
    description terminal services
    port-object eq 3389
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group service DTI tcp
    description DCS CONTROL PROTOCOL
    port-object eq 3333
    object-group service H.245 tcp
    description h.245 signaling
    port-object range 1024 4999
    object-group service RAS udp
    port-object eq 1719
    port-object range 1718 1720
    object-group service XML tcp
    port-object range 3336 3341
    object-group service mpi tcp
    port-object eq 2010
    object-group service mvp_control tcp
    port-object eq 2946
    object-group service rpc tcp-udp
    port-object eq 1809
    object-group service tcp8080 tcp
    port-object eq 8080
    object-group service tcp8011 tcp
    port-object eq 8011
    object-group service rtp_rtcp_udp udp
    port-object range 1024 65535
    object-group service ecs_xml tcp-udp
    port-object eq 3271
    object-group service rtp20000 udp
    description 10000-65535
    port-object range 20000 25000
    port-object range 10000 65535
    object-group service tcp5222 tcp
    port-object range 5222 5269
    object-group service tcp7070 tcp
    port-object eq 7070
    object-group network videoco
    network-object host x.x.x.144
    network-object host x.x.x.145
    object-group service video tcp
    port-object range 1718 h323
    object-group service XML2 tcp-udp
    port-object range 3336 3345
    object-group service tcp_tls tcp
    port-object eq 5061
    object-group service Autodesk tcp
    port-object eq 2080
    port-object range 27000 27009
    access-list outside_policy remark ====== Begin Mail From Postini Network ======
    access-list outside_policy extended permit tcp x.x.x.x 255.255.240.0 host x.x.x.x eq smtp
    access-list outside_policy extended permit tcp x.x.x.x 255.255.255.240 host x.x.x.x eq smtp
    access-list outside_policy extended permit tcp x.x.x.0 255.255.240.0 host x.x.x.x eq smtp
    access-list outside_policy remark ****** End Mail From Postini Network ******
    access-list outside_policy remark ====== Begin Inbound Web Mail Access ======
    access-list outside_policy extended permit tcp any host x.x.x.x object-group HTTP_HTTPS
    access-list outside_policy remark ****** End Inbound Web Mail Access ******
    access-list outside_policy remark ====== Begin iPhone Sync Rules to Mail Server ======
    access-list outside_policy extended permit tcp any host x.x.x.x object-group iPhoneSync-Services-TCP
    access-list outside_policy remark ****** End iPhone Sync Rules to Mail Server ******
    access-list outside_policy remark ====== Begin MARS Monitoring ======
    access-list outside_policy extended permit udp x.x.x.x 255.255.255.128 host x.x.x.x object-group SYSLOG_SNMP_NETFLOW
    access-list outside_policy extended permit icmp x.x.x.x 255.255.255.128 host x.x.x.x
    access-list outside_policy remark ****** End MARS Monitoring ******
    access-list outside_policy extended permit tcp object-group NACIO123 host x.x.x.141 eq ssh
    access-list outside_policy extended permit tcp any host x.x.x.x eq www
    access-list outside_policy extended permit tcp any host x.x.x.x eq https
    access-list outside_policy extended permit tcp any host x.x.x.x eq h323
    access-list outside_policy extended permit tcp any host x.x.x.x range 60000 60001
    access-list outside_policy extended permit udp any host x.x.x.x range 60000 60007
    access-list outside_policy remark radvision 5110   port 80 both
    access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq www
    access-list outside_policy remark radvision
    access-list outside_policy extended permit tcp any object-group videoco object-group termserv
    access-list outside_policy remark radvision 5110  port21 out
    access-list outside_policy extended permit tcp any object-group videoco eq ftp
    access-list outside_policy remark rad5110   port22 both
    access-list outside_policy extended permit tcp any object-group videoco eq ssh
    access-list outside_policy remark rad 5110  port161 udp both
    access-list outside_policy extended permit udp any object-group videoco eq snmp
    access-list outside_policy remark rad5110 port443 both
    access-list outside_policy extended permit tcp any object-group videoco eq https
    access-list outside_policy remark rad5110 port 1024-4999  both
    access-list outside_policy extended permit tcp any object-group videoco object-group H.245
    access-list outside_policy remark rad5110 port 1719 udp both
    access-list outside_policy extended permit udp any object-group videoco object-group RAS
    access-list outside_policy remark rad5110 port 1720 both
    access-list outside_policy extended permit tcp any any eq h323
    access-list outside_policy remark RAD 5110 port 3333 tcp both
    access-list outside_policy extended permit tcp any object-group videoco object-group DTI
    access-list outside_policy remark rad5110 port 3336-3341 both
    access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group XML2
    access-list outside_policy remark port 5060 tcp/udp
    access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq sip
    access-list outside_policy remark rad 5110port 1809 rpc both
    access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group rpc
    access-list outside_policy remark rad 5110 port 2010 both
    access-list outside_policy extended permit tcp any object-group videoco object-group mpi
    access-list outside_policy remark rad 5110 port 2946 both
    access-list outside_policy extended permit tcp any object-group videoco object-group mvp_control
    access-list outside_policy extended permit tcp any object-group videoco object-group tcp8080
    access-list outside_policy extended permit tcp any object-group videoco object-group tcp8011
    access-list outside_policy remark 1024-65535
    access-list outside_policy extended permit udp any object-group videoco object-group rtp_rtcp_udp
    access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group ecs_xml
    access-list outside_policy extended permit udp any object-group videoco object-group rtp20000
    access-list outside_policy extended permit tcp any object-group videoco eq telnet
    access-list outside_policy remark port 53 dns
    access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq domain
    access-list outside_policy remark 7070
    access-list outside_policy extended permit tcp any object-group videoco object-group tcp7070
    access-list outside_policy remark 5222-5269 tcp
    access-list outside_policy extended permit tcp any object-group videoco range 5222 5269
    access-list outside_policy extended permit tcp any object-group videoco object-group video
    access-list outside_policy extended permit tcp any object-group videoco object-group tcp_tls
    access-list outside_policy remark ====== Begin Autodesk Activation access ======
    access-list outside_policy extended permit tcp any any object-group Autodesk
    access-list outside_policy remark ****** End Autodesk Activation access ******
    access-list outside_policy extended permit tcp x.x.x.x 255.255.255.248 host x.x.x.x eq smtp
    access-list outside_policy remark ****** End Autodesk Activation access ******
    access-list inside_policy extended deny tcp host 10.200.200.25 10.1.0.0 255.255.0.0 eq 2967 log disable
    access-list inside_policy extended deny tcp host 10.200.200.25 10.3.0.0 255.255.0.0 eq 2967 log disable
    access-list inside_policy extended deny tcp host 10.200.200.25 10.2.0.0 255.255.0.0 eq 2967 log disable
    access-list inside_policy extended deny tcp host 10.200.200.25 10.4.0.0 255.255.0.0 eq 2967 log disable
    access-list inside_policy extended deny tcp host 10.200.200.25 10.5.0.0 255.255.0.0 eq 2967 log disable
    access-list inside_policy extended deny udp object-group NO-LOG any eq 2967 log disable
    access-list inside_policy extended deny tcp object-group NO-LOG any eq 2967 log disable
    access-list inside_policy remark ====== Begin Outbound Mail Server Rules ======
    access-list inside_policy extended permit udp host 10.200.200.222 any eq 5679
    access-list inside_policy extended permit tcp host 10.200.200.222 any eq smtp
    access-list inside_policy remark ****** End Outbound Mail Server Rules ******
    access-list inside_policy extended permit ip object-group local_net_group any
    access-list inside_policy extended permit icmp object-group local_net_group any
    access-list OUTSIDECO_VPN extended permit ip host x.x.x.x object-group OUTSIDECO_SERVERS
    access-list company-split-tunnel standard permit 10.1.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.2.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.3.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.4.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.200.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.5.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.6.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 10.7.0.0 255.255.0.0
    access-list company-split-tunnel standard permit 172.22.22.0 255.255.255.0
    access-list company-split-tunnel remark Video
    access-list company-split-tunnel standard permit 192.168.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.1.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.2.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.3.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.200.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.4.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.5.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.6.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 10.7.0.0 255.255.0.0
    access-list SSL_SPLIT standard permit 172.22.22.0 255.255.255.0
    access-list SSL_SPLIT remark Video
    access-list SSL_SPLIT standard permit 192.168.0.0 255.255.0.0
    access-list NONAT_SSL extended permit ip object-group local_net_group 172.20.20.0 255.255.255.0
    access-list NONAT_SSL extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
    access-list tom extended permit tcp host x.x.x.x any eq smtp
    access-list tom extended permit tcp host 10.200.200.222 any eq smtp
    access-list tom extended permit tcp any host x.x.x.x
    access-list aaron extended permit tcp any any eq 2967
    access-list capauth extended permit ip host 10.200.200.1 host 10.200.200.220
    access-list capauth extended permit ip host 10.200.200.220 host 10.200.200.1
    access-list DMZ extended permit icmp any any
    access-list dmz_access_in extended permit tcp any eq 51024 any eq 3336
    access-list dmz_access_in extended permit icmp any any
    access-list dmz_access_in extended permit tcp any any eq ftp
    access-list dmz_access_in extended permit tcp any any eq https
    access-list dmz_access_in remark rad5110 port 162 out
    access-list dmz_access_in extended permit udp any any eq snmptrap
    access-list dmz_access_in remark port 23 out
    access-list dmz_access_in extended permit tcp any any eq telnet
    access-list dmz_access_in remark port 53 dns out
    access-list dmz_access_in extended permit object-group TCPUDP any any eq domain
    access-list dmz_access_in extended permit object-group TCPUDP any any eq www
    access-list dmz_access_in extended permit tcp any any eq h323
    access-list dmz_access_in extended permit tcp any any object-group XML
    access-list dmz_access_in extended permit udp any any object-group RAS
    access-list dmz_access_in extended permit tcp any any range 1718 h323
    access-list dmz_access_in extended permit tcp any any object-group H.245
    access-list dmz_access_in extended permit object-group TCPUDP any any eq sip
    access-list dmz_access_in extended permit udp any any object-group rtp_rtcp_udp
    access-list dmz_access_in extended permit object-group TCPUDP any any object-group XML2
    access-list dmz_access_in extended permit ip object-group local_net_group any
    access-list dmz_access_in remark port 5061
    access-list dmz_access_in extended permit tcp any any object-group tcp_tls
    access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered warnings
    logging trap informational
    logging history informational
    logging asdm warnings
    logging host outside x.x.x.x
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu Wireless 1500
    mtu management 1500
    ip local pool SSL_VPN_POOL 172.20.20.1-172.20.20.75 mask 255.255.255.0
    ip verify reverse-path interface outside
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-631.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NONAT_SSL
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) x.x.x.12 10.200.200.15 netmask 255.255.255.255
    static (inside,outside) x.x.x.15 10.5.0.11 netmask 255.255.255.255
    static (inside,outside) x.x.x.13 10.200.200.240 netmask 255.255.255.255
    static (inside,outside) x.x.x.16 10.200.200.222 netmask 255.255.255.255
    static (inside,outside) x.x.x.14 10.200.200.155 netmask 255.255.255.255
    static (inside,dmz) 10.200.200.0 10.200.200.0 netmask 255.255.255.0
    static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.0.0
    static (dmz,outside) x.x.x.18 172.22.22.15 netmask 255.255.255.255
    static (dmz,outside) x.x.x.19 172.22.22.16 netmask 255.255.255.255
    static (inside,dmz) 10.3.0.0 10.3.0.0 netmask 255.255.0.0
    static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.0.0
    static (inside,dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
    static (inside,dmz) 10.6.0.0 10.6.0.0 netmask 255.255.0.0
    static (inside,dmz) 10.7.0.0 10.7.0.0 netmask 255.255.0.0
    static (inside,dmz) 10.5.0.0 10.5.0.0 netmask 255.255.0.0
    access-group outside_policy in interface outside
    access-group inside_policy in interface inside
    access-group dmz_access_in in interface dmz
    route outside 0.0.0.0 0.0.0.0 x.x.x.12 1
    route inside 10.1.0.0 255.255.0.0 10.200.200.254 1
    route inside 10.2.0.0 255.255.0.0 10.200.200.254 1
    route inside 10.3.0.0 255.255.0.0 10.200.200.254 1
    route inside 10.4.0.0 255.255.0.0 10.200.200.254 1
    route inside 10.5.0.0 255.255.0.0 10.200.200.254 1
    route inside 10.6.0.0 255.255.0.0 10.200.200.254 1
    route inside 10.7.0.0 255.255.0.0 10.200.200.150 1
    route inside x.x.x.0 255.255.255.0 10.200.200.2 1
    route inside x.x.x.0 255.255.255.0 10.200.200.2 1
    route inside 192.168.1.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.2.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.3.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.4.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.5.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.6.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.7.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.200.0 255.255.255.0 10.200.200.254 1
    route inside 192.168.201.0 255.255.255.0 10.200.200.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 2:00:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server COMPANY-NT-AUTH protocol nt
    aaa-server COMPANY-NT-AUTH (inside) host 10.200.200.220
    nt-auth-domain-controller DC
    aaa authentication ssh console LOCAL
    aaa authorization command LOCAL
    http server enable
    http 10.200.200.0 255.255.255.0 inside
    http 10.200.0.0 255.255.0.0 inside
    http 10.3.0.0 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community *****
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set asa2transform esp-3des esp-sha-hmac
    crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map outside_dyn_map 20 set transform-set 3DES-SHA
    crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
    crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
    crypto map OUTSIDE_MAP 5 match address outside_cryptomap
    crypto map OUTSIDE_MAP 5 set pfs
    crypto map OUTSIDE_MAP 5 set peer x.x.x.53
    crypto map OUTSIDE_MAP 5 set transform-set 3DES-SHA
    crypto map OUTSIDE_MAP 5 set security-association lifetime seconds 28800
    crypto map OUTSIDE_MAP 10 match address OUTSIDECO_VPN
    crypto map OUTSIDE_MAP 10 set peer x.x.x.25
    crypto map OUTSIDE_MAP 10 set transform-set AES256-SHA
    crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
    crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes 4608000
    crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map OUTSIDE_MAP interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 28800
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 20
    console timeout 0
    dhcpd dns 10.200.200.220 10.200.200.225
    dhcpd wins 10.200.200.220 10.200.200.225
    dhcpd lease 18000
    dhcpd domain company.com
    dhcpd dns 10.200.200.220 10.200.200.225 interface Wireless
    dhcpd wins 10.200.200.220 10.200.200.225 interface Wireless
    dhcpd lease 18000 interface Wireless
    dhcpd domain company.com interface Wireless
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 192.5.41.40 source outside prefer
    ssl trust-point vpn.company.com outside
    webvpn
    enable outside
    anyconnect-essentials
    svc image disk0:/anyconnect-win-2.5.0217-k9.pkg 1
    svc image disk0:/anyconnect-macosx-i386-2.5.2017-k9.pkg 2
    svc enable
    tunnel-group-list enable
    group-policy SSL_Client_Policy internal
    group-policy SSL_Client_Policy attributes
    wins-server value 10.200.200.220
    dns-server value 10.200.200.220
    vpn-tunnel-protocol IPSec svc webvpn
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value SSL_SPLIT
    default-domain value company.com
    webvpn
      sso-server none
      auto-signon allow uri * auth-type all
    group-policy no-split-test internal
    group-policy no-split-test attributes
    banner value Welcome to company and Associates
    banner value Welcome to company and Associates
    dns-server value 10.200.200.220
    vpn-tunnel-protocol IPSec
    ipsec-udp enable
    split-tunnel-policy tunnelall
    default-domain value company.com
    group-policy DfltGrpPolicy attributes
    dns-server value 10.200.200.220
    default-domain value company.com
    group-policy company internal
    group-policy company attributes
    banner value Welcome to company and Associates
    banner value Welcome to company and Associates
    dns-server value 10.200.200.220
    vpn-tunnel-protocol IPSec
    ipsec-udp enable
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value SSL_SPLIT
    default-domain value company.com
    username ciscoadmin password xxxxxxxxxxx encrypted privilege 15
    tunnel-group DefaultWEBVPNGroup general-attributes
    address-pool SSL_VPN_POOL
    authentication-server-group COMPANY-NT-AUTH
    default-group-policy SSL_Client_Policy
    tunnel-group DefaultWEBVPNGroup webvpn-attributes
    group-alias company_SSL_VPN enable
    tunnel-group company_group type remote-access
    tunnel-group company_group general-attributes
    address-pool SSL_VPN_POOL
    authentication-server-group COMPANY-NT-AUTH LOCAL
    default-group-policy company
    tunnel-group company_group ipsec-attributes
    pre-shared-key *****
    tunnel-group x.x.x.53 type ipsec-l2l
    tunnel-group x.x.x.53 ipsec-attributes
    pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect tftp
      inspect esmtp
      inspect ftp
      inspect icmp
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect skinny
      inspect sqlnet
      inspect sunrpc
      inspect xdmcp
      inspect mgcp
      inspect h323 h225
      inspect h323 ras
      inspect sip
    service-policy global_policy global
    privilege cmd level 5 mode exec command ping
    privilege cmd level 6 mode exec command write
    privilege show level 5 mode exec command running-config
    privilege show level 5 mode exec command version
    privilege show level 5 mode exec command conn
    privilege show level 5 mode exec command memory
    privilege show level 5 mode exec command cpu
    privilege show level 5 mode exec command xlate
    privilege show level 5 mode exec command traffic
    privilege show level 5 mode exec command interface
    privilege show level 5 mode exec command clock
    privilege show level 5 mode exec command ip
    privilege show level 5 mode exec command failover
    privilege show level 5 mode exec command arp
    privilege show level 5 mode exec command route
    privilege show level 5 mode exec command blocks
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:a0689b4c837c79a51e7a0cfed591dec9
    : end
    COMPANY-asa#

    Hi Sian,
    Yes, on their end PFS is enabled for DH Group 2.
    Here is the information that you requested:
    company-asa# sh crypto isakmp sa
       Active SA: 3
        Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 3
    1   IKE Peer: x.x.x.87
        Type    : user            Role    : responder
        Rekey   : no              State   : AM_ACTIVE
    2   IKE Peer: x.x.x.53
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE
    3   IKE Peer: x.x.x.25
        Type    : user            Role    : initiator
        Rekey   : no              State   : MM_WAIT_MSG4
    company-asa# sh crypto ipsec sa
    interface: outside
        Crypto map tag: OUTSIDE_MAP, seq num: 5, local addr: x.x.x.13
          access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
          local ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
          current_peer: x.x.x.53
          #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
          #pkts decaps: 10744, #pkts decrypt: 10744, #pkts verify: 10744
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: x.x.x.13, remote crypto endpt.: x.x.x.53
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: 500EC8BF
          current inbound spi : 8DAE3436
        inbound esp sas:
          spi: 0x8DAE3436 (2377004086)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
             sa timing: remaining key lifetime (kB/sec): (3914946/24388)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0x500EC8BF (1343146175)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
             sa timing: remaining key lifetime (kB/sec): (3915000/24388)
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
        Crypto map tag: outside_dyn_map, seq num: 20, local addr: x.x.x.13
          local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
          remote ident (addr/mask/prot/port): (172.20.20.8/255.255.255.255/0/0)
          current_peer: x.x.x.87, username: ewebb
          dynamic allocated peer ip: 172.20.20.8
          #pkts encaps: 16434, #pkts encrypt: 16464, #pkts digest: 16464
          #pkts decaps: 19889, #pkts decrypt: 19889, #pkts verify: 19889
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 16434, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 30, #pre-frag failures: 0, #fragments created: 60
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 60
          #send errors: 0, #recv errors: 0
          local crypto endpt.: x.x.x.13/4500, remote crypto endpt.: x.x.x.87/2252
          path mtu 1500, ipsec overhead 66, media mtu 1500
          current outbound spi: 2D712C9F
          current inbound spi : 0EDB79C8
        inbound esp sas:
          spi: 0x0EDB79C8 (249264584)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={RA, Tunnel,  NAT-T-Encaps, }
             slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
             sa timing: remaining key lifetime (sec): 18262
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0x2D712C9F (762391711)
             transform: esp-3des esp-sha-hmac no compression
             in use settings ={RA, Tunnel,  NAT-T-Encaps, }
             slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
             sa timing: remaining key lifetime (sec): 18261
             IV size: 8 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
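    The two show outputs above already contain the diagnosis, but reading SA counters by eye across several tunnels is error-prone. The script below is an added example (it is not from the original thread or from Cisco): it parses ASA `show crypto isakmp sa` and `show crypto ipsec sa` pastes, flags phase-1 SAs that never completed (any state other than MM_ACTIVE/AM_ACTIVE) and phase-2 SAs whose counters only move in one direction. The two sample strings are constructed, abridged copies of the paste above with its peers, states and counters kept, so on this input it reports the x.x.x.25 peer stuck in MM_WAIT_MSG4 and the OUTSIDE_MAP seq 5 L2L entry to x.x.x.53 that has decapsulated 10744 packets and encapsulated none.

```python
"""Triage an ASA `show crypto isakmp sa` / `show crypto ipsec sa` paste.

Added example, not from the original thread.  The two SAMPLE strings are
constructed: abridged copies of the output pasted above, keeping its peers,
states and counters, so the findings are the ones that paste warrants.
"""
import re

ISAKMP_SAMPLE = """\
1   IKE Peer: x.x.x.87
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
2   IKE Peer: x.x.x.53
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE
3   IKE Peer: x.x.x.25
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG4
"""

IPSEC_SAMPLE = """\
interface: outside
    Crypto map tag: OUTSIDE_MAP, seq num: 5, local addr: x.x.x.13
      local ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
      current_peer: x.x.x.53
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 10744, #pkts decrypt: 10744, #pkts verify: 10744
    Crypto map tag: outside_dyn_map, seq num: 20, local addr: x.x.x.13
      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (172.20.20.8/255.255.255.255/0/0)
      current_peer: x.x.x.87, username: ewebb
      #pkts encaps: 16434, #pkts encrypt: 16464, #pkts digest: 16464
      #pkts decaps: 19889, #pkts decrypt: 19889, #pkts verify: 19889
"""

_ISAKMP_RE = re.compile(
    r"IKE Peer:\s*(?P<peer>\S+)\s+Type\s*:\s*(?P<type>\S+)\s+Role\s*:\s*(?P<role>\S+)"
    r"\s+Rekey\s*:\s*(?P<rekey>\S+)\s+State\s*:\s*(?P<state>\S+)")


def parse_isakmp_sa(text):
    """One dict per phase-1 SA: peer, type (user/L2L), role, rekey, state."""
    return [m.groupdict() for m in _ISAKMP_RE.finditer(text)]


def _field(pattern, chunk, default=None, cast=str):
    m = re.search(pattern, chunk)
    return cast(m.group(1)) if m else default


def parse_ipsec_sa(text):
    """One dict per crypto-map entry (phase-2 SA pair) with its traffic counters."""
    sas = []
    for chunk in re.split(r"(?=Crypto map tag:)", text)[1:]:
        sas.append({
            "map": _field(r"Crypto map tag:\s*([^,\s]+)", chunk),
            "seq": _field(r"seq num:\s*(\d+)", chunk, cast=int),
            "peer": _field(r"current_peer:\s*([^,\s]+)", chunk),
            "username": _field(r"username:\s*(\S+)", chunk),
            "local": _field(r"local ident \(addr/mask/prot/port\):\s*\(([^)]*)\)", chunk),
            "remote": _field(r"remote ident \(addr/mask/prot/port\):\s*\(([^)]*)\)", chunk),
            "encaps": _field(r"#pkts encaps:\s*(\d+)", chunk, 0, int),
            "decaps": _field(r"#pkts decaps:\s*(\d+)", chunk, 0, int),
        })
    return sas


def diagnose(isakmp, ipsec):
    """Flag phase-1 SAs stuck mid-handshake and phase-2 SAs carrying one-way traffic."""
    findings = []
    for sa in isakmp:
        # A finished phase 1 shows MM_ACTIVE (main mode) or AM_ACTIVE (aggressive mode);
        # any *_WAIT_MSGn state is a handshake the peer never finished.
        if not sa["state"].endswith("_ACTIVE"):
            findings.append(f"phase 1 with {sa['peer']} never completed (state {sa['state']}, "
                            f"role {sa['role']}): verify ISAKMP policy, pre-shared key and "
                            "peer address on both ends")
    for sa in ipsec:
        who = f"{sa['map']} seq {sa['seq']} peer {sa['peer']}"
        if sa["username"]:
            who += f" (user {sa['username']})"
        if sa["decaps"] and not sa["encaps"]:
            findings.append(f"one-way traffic on {who}: {sa['decaps']} received, 0 sent for "
                            f"{sa['local']} -> {sa['remote']}; outbound traffic is not reaching "
                            "the crypto map (NAT before encryption, a route not pointing at "
                            "the crypto interface, or an interface ACL)")
        elif sa["encaps"] and not sa["decaps"]:
            findings.append(f"one-way traffic on {who}: {sa['encaps']} sent, 0 received; "
                            "the far end is not returning traffic (its NAT exemption, crypto "
                            "ACL or routing)")
    return findings


if __name__ == "__main__":
    for f in diagnose(parse_isakmp_sa(ISAKMP_SAMPLE), parse_ipsec_sa(IPSEC_SAMPLE)):
        print("-", f)
```

    A decaps-only L2L SA means the far side's interesting traffic arrives and is decrypted while nothing from 10.200.0.0/16 toward 192.168.9.0/24 is being selected for encryption on this ASA; on an ASA that comes down to NAT (the NONAT_SSL exemption has to be hit before the dynamic PAT), routing (the destination must leave through the interface the crypto map is applied to) or the inbound interface ACL. The script only reads counters; confirm on the box with `packet-tracer input inside icmp 10.200.200.1 8 0 192.168.9.1` and `show nat`.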

  • Inside LAN is not reachable even after the Cisco remote access VPN client connects to router C1841; can ping the router's inside interface and loopback interface, but not even the directly connected inside device..??

    Hi friends,
    Here is the configuration of my router C1841 for the Cisco IPsec remote access VPN. I was able to establish a VPN session properly, but after that I can only reach the inside interfaces of the router, not the LAN devices.
    Below is the output from the router:
    r1#sh run
    Building configuration...
    Current configuration : 3488 bytes
    ! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
    ! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
    version 15.1
    service config
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname r1
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
    aaa new-model
    aaa authentication login local-console local
    aaa authentication login userauth local
    aaa authorization network groupauth local
    aaa session-id common
    dot11 syslog
    ip source-route
    ip cef
    ip domain name r1.com
    multilink bundle-name authenticated
    license udi pid CISCO1841 sn FHK145171DM
    username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
    username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp client configuration group ra-vpn
    key xxxxxx
    domain r1.com
    pool vpn-pool
    acl 150
    save-password
      include-local-lan
    max-users 10
    crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
    crypto dynamic-map RA 1
    set transform-set my-vpn
    reverse-route
    crypto map ra-vpn client authentication list userauth
    crypto map ra-vpn isakmp authorization list groupauth
    crypto map ra-vpn client configuration address respond
    crypto map ra-vpn 1 ipsec-isakmp dynamic RA
    interface Loopback0
    ip address 10.2.2.2 255.255.255.255
    interface FastEthernet0/0
    bandwidth 8000000
    ip address 117.239.xx.xx 255.255.255.240
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map ra-vpn
    interface FastEthernet0/1
    description $ES_LAN$
    ip address 192.168.10.252 255.255.255.0 secondary
    ip address 10.10.10.1 255.255.252.0 secondary
    ip address 172.16.0.1 255.255.252.0 secondary
    ip address 10.10.7.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip local pool vpn-pool 172.18.1.1   172.18.1.100
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip dns server
    ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
    ip nat inside source list 100 pool INTERNETPOOL overload
    ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
    access-list 100 permit ip 10.10.7.0 0.0.0.255 any
    access-list 100 permit ip 10.10.10.0 0.0.1.255 any
    access-list 100 permit ip 172.16.0.0 0.0.3.255 any
    access-list 100 permit ip 192.168.10.0 0.0.0.255 any
    access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
    access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
    access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
    control-plane
    line con 0
    login authentication local-console
    line aux 0
    line vty 0 4
    login authentication local-console
    transport input telnet ssh
    scheduler allocate 20000 1000
    end
    r1>sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, + - replicated route
    Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
          10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
    C        10.2.2.2/32 is directly connected, Loopback0
    C        10.10.7.0/24 is directly connected, FastEthernet0/1
    L        10.10.7.1/32 is directly connected, FastEthernet0/1
    C        10.10.8.0/22 is directly connected, FastEthernet0/1
    L        10.10.10.1/32 is directly connected, FastEthernet0/1
          117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
    L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
          172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.16.0.0/22 is directly connected, FastEthernet0/1
    L        172.16.0.1/32 is directly connected, FastEthernet0/1
          172.18.0.0/32 is subnetted, 1 subnets
    S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, FastEthernet0/1
    L        192.168.10.252/32 is directly connected, FastEthernet0/1
    r1#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
    IPv6 Crypto ISAKMP SA
    r1 #sh crypto ipsec sa
    interface: FastEthernet0/0
        Crypto map tag: giet-vpn, local addr 117.239.xx.xx
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
       current_peer 49.206.59.86 port 50083
         PERMIT, flags={}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
         path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
         current outbound spi: 0x550E70F9(1427009785)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
          spi: 0x5668C75(90606709)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550169/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x550E70F9(1427009785)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
            sa timing: remaining key lifetime (k/sec): (4550170/3437)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         outbound ah sas:
         outbound pcp sas:

    Hi Maximilian Schojohann,
    First I would like to thank you for showing interest in solving my issue. After some research I found that disabling "ip cef" solves the issue: when I disable it I am able to communicate successfully with the router LAN. But when I disable "ip cef" the router CPU goes to 99% and hangs.
    In the output of "sh process cpu" it shows 65% utilization from "IP Input".
    So please give me an alternate solution. Thanks in advance.
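    The symptom in the post above (the client reaches the router's own addresses but not hosts behind it) is the classic sign of inside-to-outside NAT running ahead of the crypto map on IOS. A reply from 10.10.7.x to a 172.18.1.x client matches `access-list 100 permit ip 10.10.7.0 0.0.0.255 any` and is translated to the INTERNETPOOL address before the crypto map sees it, so it reaches the client with the wrong source address and is discarded; the router's own replies are not translated, which is why its interfaces answer. The checker below is an added example, not part of the original post or any Cisco tool. It copies the ACLs, pool range and inside interface addresses from the configuration above, models the router's first-match ACL evaluation, flags NAT permits that would catch LAN-to-pool traffic, prints the `deny` lines that would exempt it, and separately lists inside subnets absent from the split-tunnel list (ACL 150), which clients never route into the tunnel at all. The suggested deny lines are this example's own remediation, not something the thread confirmed.

```python
"""Checker for the two usual reasons an IOS remote-access VPN client can reach the
router but not the hosts behind it.  Added example, not from the original post.
The ACL text, pool range and interface addresses are copied from the configuration
above; the checker and the suggested deny lines are this example's own.
"""
import ipaddress

# Copied from the router configuration in the post: ACL 100 feeds
# `ip nat inside source`, ACL 150 is the split-tunnel list pushed to clients.
NAT_ACL = """
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
"""
SPLIT_ACL = """
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
"""
POOL = ("172.18.1.1", "172.18.1.100")                  # ip local pool vpn-pool
INSIDE_IFACES = ["10.10.7.1/24", "192.168.10.252/24",  # FastEthernet0/1 primary + secondaries
                 "10.10.10.1/22", "172.16.0.1/22"]
ANY = ipaddress.ip_network("0.0.0.0/0")


def _wild_to_net(addr, wildcard):
    """IOS 'address wildcard' -> network (wildcard bits are the host bits)."""
    mask = (~int(ipaddress.ip_address(wildcard))) & 0xFFFFFFFF
    return ipaddress.ip_network(f"{addr}/{ipaddress.ip_address(mask)}", strict=False)


def _parse_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD'); return (network, rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return _wild_to_net(tokens[0], tokens[1]), tokens[2:]


def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines of an extended numbered ACL."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            continue
        src, rest = _parse_addr(t[4:])
        dst, _ = _parse_addr(rest)
        entries.append({"line": line.strip(), "action": t[2], "src": src, "dst": dst})
    return entries


def covering_net(first, last):
    """Smallest single prefix that contains an `ip local pool` range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()
    return net


def nat_leaks(nat_acl, lan_nets, pool_net):
    """(lan_network, offending_line) pairs whose replies to VPN clients get translated.

    IOS applies inside->outside NAT before the crypto map and the NAT ACL is
    first-match, so the first entry that can match LAN->pool traffic decides.
    """
    leaks = []
    for lan in lan_nets:
        for e in nat_acl:
            if e["src"].overlaps(lan) and e["dst"].overlaps(pool_net):
                if e["action"] == "permit":
                    leaks.append((lan, e["line"]))
                break
    return leaks


def deny_lines(acl_number, leaks, pool_net):
    """Exemptions that must sit ahead of the permits in the NAT ACL."""
    return [f"access-list {acl_number} deny ip {lan.network_address} {lan.hostmask} "
            f"{pool_net.network_address} {pool_net.hostmask}" for lan, _ in leaks]


def unprotected_subnets(inside_ifaces, split_acl):
    """Inside subnets no split-tunnel source covers: clients never send them into the tunnel."""
    covered = [e["src"] for e in split_acl if e["action"] == "permit"]
    nets = [ipaddress.ip_interface(i).network for i in inside_ifaces]
    return [n for n in nets if not any(n.subnet_of(c) for c in covered)]


if __name__ == "__main__":
    nat, split = parse_acl(NAT_ACL), parse_acl(SPLIT_ACL)
    pool = covering_net(*POOL)
    leaks = nat_leaks(nat, [e["src"] for e in split], pool)
    for lan, line in leaks:
        print(f"NAT leak: replies from {lan} to the pool hit '{line}'")
    for fix in deny_lines(100, leaks, pool):
        print("  add ahead of the permits:", fix)
    for net in unprotected_subnets(INSIDE_IFACES, split):
        print(f"not in split-tunnel list 150: {net}")
```

    On this configuration the loopback 10.2.2.2 produces no finding because it is not in ACL 100, which matches the report that the loopback answers while LAN hosts do not. Numbered ACLs only append from the CLI, so the deny lines have to be placed ahead of the permits with sequence numbers under `ip access-list extended 100` or by rebuilding the list; the subnets reported as unprotected need their own `permit` entries in ACL 150 before split-tunnel clients will send traffic for them at all.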

  • FortiClient SSL VPN Client Not Functioning Correctly

    Hello,
    I use the FortiClient SSL application to connect to work. In Windows 7 x64 it works without issue. In Windows 8 Build 9200 it exhibits an odd behaviour.
    I can connect using FortiClient version 4.4.3.445. Once connected my sent bytes continue to increase, which is correct. However, received bytes stays at 0.
    If I try to Remote Desktop it fails. This is obviously due to no inbound packets coming back from the Fortigate appliance being allowed back to Windows 8.
    Disabling the Firewall doesn't have any effect on the condition. Received bytes stays at 0.
    This is a clean install with no 3rd party applications, other than the FortiClient software. This is only the SSL VPN portion of the FortiClient software and does not include the AV or Firewall options.
    Doing some Googling, I've seen some other people with the same problem but no resolution: another FortiClient user and Sophos & Juniper SSL VPN clients having the same problem.
    Does anybody have any idea what would be causing the SSL VPN to only send bytes but not receive?
    Thanks!
    UPDATE 2:
    In the built-in MSTSC.exe "Remote Desktop" I went into Options/Advanced/Server Authentication. I switched the setting to "Connect and don't warn me" and that fixed the problem. The default was "Warn me"; however, the warning screen was not coming up.
    Just for the heck of it I switched it back to the default settings and saved. Strangely I now get the "Warning" screen that you would normally see. So now both the built-in and App Store Remote Desktop applications are working. FortiClient still shows Bytes received as 0, which is odd.
    UPDATE: Solved Workaround
    I was using the built-in Remote Desktop application without success. I went into the App Store and saw there was an app called "Remote Desktop". I installed that and connected my FortiClient SSL to work. Still no received bytes like I would get in Win7. I then launched the "App" Remote Desktop, punched in my PC name at work and creds, and boom, I can log in to my work PC. FortiClient SSL is still showing no received bytes, but the "Remote Desktop" from the App Store does work. Not sure why MSTSC.exe will not work, and why FortiClient shows no received bytes is still unsolved. At least the App Store Remote Desktop works with the SSL client.

    Hello Everyone,
    I was finally able to track down the issue.
    After spending 3 days I found that the VPN client may bind some setting to the user. I tried to install the same on my personal laptop and on another machine where the user is bound to the same account (hotmail).
    Then I realized maybe this is a user issue, so I followed the steps below and it works fine.
    1. Uninstall the client from the machine.
    2. Remove the same from IE (Options => Connections).
    3. Restart the system.
    4. Create a local user and give it administrator rights.
    5. Log in with the new user and log off all others.
    6. Install the client.

  • Users not able to see remote users on the node network

    Users that belong to one node are not able to see users in another calendar
    server node. Both calendar servers are pointing to the same directory server.
    Some errors that occur in the log files:
    DEXOTEK ERRCODE 0x13608 -> SchedBaseOpen: Section name too long
    DEXOTEK ERRCODE 0x13608 -> OpenConnection: SchedBaseOpenOnHost
    And when uninode -cws nodeID is run, it does not report being able to see all
    the users and resources on the remote nodes.
    uninode: connected to hostname.net.xxx.com, node 10000
    directory of items: 10 (USERS = 10/RESOURCES = 0)
    CONNECTION EX AV Q-SIZE IN-PROCESS IMPORT-DIR
    (10000)->xxxxxx.xxx.com(10001) 2 2 0 0 370 (U=370/R=0)
    Here is the nodes.ini file:
    + H=xxxxxxx.xxx.com/N=10000
    + H=xxxx.xxx.com/N=10001
    all=2
    There is a reported bug that 16 characters is the maximum for domain names in the
    nodes.ini file, which means that you need to change that file and use:
         a) an alias that can be resolved on the network with either DNS or local
         host files, or
         b) the IP address.
    As documented in the release notes, here is the procedure on how to modify the
    hostname when it is too long. Or how to modify the hostname for any reason.
    Fix for long host names problem
    If the fully qualified domain name for your network exceeds 16 characters, it
    will be necessary to shorten the host name of all the servers in the Calendar
    Server network. These instructions must be carefully followed to avoid causing
    problems with the network. Ensure that the procedure is applied to ALL nodes in
    the Calendar network.
    1) The following procedure should be carried out on each server in the
    Calendar network:
    a) Bring the Calendar services down.
    % unistop -y
    b) Run the unidbfix command in export mode.
    % unidbfix -export -n node-id
    This will create a remotenode.ini file for each node on the server. The file is
    located in the node's perm directory.
    Example:
    If you have two nodes on the server ROCK, node 1(in N1) and node (in N2), the
    files are:
    /users/unison/db/nodes/N1/perm/remotenode.ini
    /users/unison/db/nodes/N2/perm/remotenode.ini
    The remotenode.ini file will look something like this:
    [1]
    RN_NUMCONNECT = 2
    RN_SURNAME = "unison"
    RN_GIVENNAME = "unison"
    RN_ORGUNIT1 = "uni2"
    RN_ORGUNIT2 = "openmail"
    RN_ORGANIZATION = "ABC Corp"
    RN_ACCESSMETHOD = 2
    RN_SERVICENAME = "unieng"
    RN_HOSTNAME = "rock"
    [2]
    RN_NUMCONNECT = 2
    RN_SURNAME = "unison"
    RN_GIVENNAME = "unison"
    RN_ORGUNIT1 = "uni4"
    RN_ORGUNIT2 = "openmail"
    RN_ORGANIZATION = "ABC Corp"
    RN_ACCESSMETHOD = 2
    RN_SERVICENAME = "unieng"
    RN_HOSTNAME = "rock"
    2) Once you have run unidbfix in export mode on all the servers, proceed as
    follows:
    a) Compare the remotenode.ini files and verify that the entries are the
    same. In each file, you will note that an entry for the local node is not
    included.
    b) Edit one of the files (on any of the servers). This file will be
    referred to as the master file. Add the appropriate entries for the
    local node (copy the section from one of the other files). Modify the
    RN_HOSTNAME in each of the sections of the master file to shorten the
    name.
    c) Copy the master file in the perm directories of each node on all the
    servers.
    3) Once the master file is in the perm directory of all the nodes, proceed as
    follows on each server:
    a) Run the unidbfix command in the -import mode.
    % unidbfix -import -n node-id
    b) Edit the nodes.ini file on the hub server and make the same changes to
    the host names. You do not need to apply the changes.
    c) Edit the [UTL] section of the /users/unison/misc/unison.ini file and
    change the host name.
    d) Start up the services.
    % unistart
    4) After all the changes have been made, run the uninode -cws all and
    uninode -snc all commands and verify that the results are accurate.

    See this:
    http://docs.info.apple.com/article.html?path=Mac/10.6/en/8203.html
    You should then see your PCs listed in Finder's sidebar under the Shared section.
    Regards

  • Seeburger SFTP is not able connect to remote host

    Hi,
    I have configured the Seeburger adapter (SFTP) on XI 3.0 SP19 as per the Seeburger installation document,
    but when we try to send the data to a file server using SFTP, we get the error below in the
    receiver communication channel. Please help me:
    "Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: >> Description: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>> Details: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: true>>Fatal: true, >> Description: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>> Details: putFile: Could not connect to remote host; Reason: com.maverick.ssh.SshException>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATIO "
    Thanking you in advance.
    Sonali

    Hi,
    In a similar condition, we are also getting the errors below:
    Message processing failed. Cause: javax.resource.ResourceException: Fatal exception:
    com.sap.aii.af.ra.cci.XIDeliveryException: >> Description: putFile: Could not connect
    to remote host; Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.
    ConfigurationException: Could not initialize SSH transport layer, reason : Connection timed out:
    could be due to invalid address>> Details: putFile: Could not connect to remote host;
    Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.ConfigurationException:
    Could not initialize SSH transport layer, reason : Connection timed out:could be due to invalid
    address>>SendingStatus: NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>
    Retryable: false>>Fatal: false, >> Description: putFile: Could not connect to remote host;
    Reason: SFTP client was not able to connect: com.seeburger.sftp.exception.ConfigurationException:
    Could not initialize SSH transport layer, reason : Connection timed out:could be due to invalid
    address>> Details: putFile: Could not connect to remote host; Reason: SFTP client was not able
    to connect: com.seeburger.sftp.exception.ConfigurationException: Could not initialize SSH
    transport layer, reason : Connection timed out:could be due to invalid address>>SendingStatus:
    NOT_TRANSMITTED>>FaultCategory: COMMUNICATION_ERROR>>Retryable: false>>Fatal: false
    Can you share how you resolved the errors?
    You mentioned changing the owner to seeburger; please give details on where to do this.
    Thanks,
    Anit
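    Both posts above hide several different failures behind the same "Could not connect to remote host" text (name resolution, a TCP timeout, a refused connection, or a port that is open but not speaking SSH). The probe below separates those cases before anyone touches the adapter configuration. It is an added example, not Seeburger's or SAP's code; the host names, the local throwaway listener and the banner it sends are constructed for illustration.

    ```python
    """Classify why an SFTP/SSH endpoint cannot be reached.

    Added example, not part of the original thread or of the Seeburger adapter.
    The local listener, its banner and the host names are constructed.
    """
    import socket
    import threading
    from dataclasses import dataclass
    from typing import Optional


    @dataclass
    class ProbeResult:
        status: str            # resolve_failed | timed_out | refused | unreachable | connected
        banner: Optional[str]  # SSH identification string, if one was read
        detail: str


    def probe_ssh_endpoint(host: str, port: int = 22, timeout: float = 3.0) -> ProbeResult:
        """Resolve, connect and read the SSH banner, mapping each failure to its cause."""
        try:
            infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        except socket.gaierror as exc:
            return ProbeResult("resolve_failed", None, f"DNS lookup failed: {exc}")
        family, socktype, proto, _, sockaddr = infos[0]
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
        except socket.timeout:
            sock.close()
            return ProbeResult("timed_out", None,
                               "no SYN/ACK: host down, wrong address, or a firewall dropping packets")
        except ConnectionRefusedError:
            sock.close()
            return ProbeResult("refused", None, "host reachable but nothing listening on the port")
        except OSError as exc:
            sock.close()
            return ProbeResult("unreachable", None, f"network error: {exc}")
        try:
            data = sock.recv(256)  # an SSH server sends its identification string first
        except (socket.timeout, OSError):
            data = b""
        finally:
            sock.close()
        banner = data.decode("ascii", "replace").strip() or None
        if banner is None:
            return ProbeResult("connected", None, "TCP connect OK but no banner within the timeout")
        if not banner.startswith("SSH-"):
            return ProbeResult("connected", banner, "port open but the service is not SSH")
        return ProbeResult("connected", banner, "TCP connect and SSH banner OK")


    def start_constructed_listener(banner: bytes = b"SSH-2.0-ConstructedTest\r\n") -> int:
        """Start a throwaway local listener that sends a constructed banner (for offline runs)."""
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]

        def serve() -> None:
            conn, _ = srv.accept()
            conn.sendall(banner)
            conn.close()
            srv.close()

        threading.Thread(target=serve, daemon=True).start()
        return port


    def free_port() -> int:
        """Pick a local port that is closed: bind to port 0, read the number, release it."""
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))
        port = s.getsockname()[1]
        s.close()
        return port


    if __name__ == "__main__":
        print(probe_ssh_endpoint("127.0.0.1", start_constructed_listener()))
        print(probe_ssh_endpoint("127.0.0.1", free_port()))
        print(probe_ssh_endpoint("sftp.example.invalid"))
    ```

    Run it from the XI host itself, because that is where the adapter's connection originates; a "timed_out" result from there points at routing or a firewall between XI and the file server, while "resolve_failed" points at the address configured in the channel.
    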

  • Clients not able to connect to MS exchange server over a cisco switch

    Hello,
    I have a Cisco L3 switch.
    I have an Exchange server, and until I split the network into two VLANs everything was working OK, meaning the clients could connect to Exchange without issues.
    But after I split the network into 2 VLANs, moving Exchange into one VLAN and the clients into another VLAN, I have complaints saying that the users are periodically not able to connect to Exchange.
    Even users from the same subnet often cannot connect to Exchange.
    Meaning the clients can connect to Exchange and suddenly it will stop working. At the same time I can ping Exchange, which shows there is no routing issue or LAN issue.
    But still clients can't connect to Exchange; when I reboot it will start working again for some time.
    I am wondering whether it could be related to any network issue, or to MTU or PMTUD issues.
    The whole issue started only after we split the network into two VLANs.

    If you have physical access to the switch, it may save time to look at the port LEDs which give you the link status or may indicate an error condition (if red or orange). The table below describes the LED status indicators for Ethernet modules or fixed-configuration switches:
    http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a008015bfd6.shtml

  • Not able to use remote desktop externally on a WRV200

    Hello all,
    Until 5 minutes ago I wasn't able to get Remote Desktop to work from an external computer to my computer, which is wirelessly connected in our network. It worked from a network computer from the beginning.
    I have port 3389 correctly forwarded to my static internal IP address (the same way as I did with my FTP server, which works properly, so I guess I did it right).
    Just 5 minutes ago I found out that it does work when I enable DMZ (see bottom for DMZ details). What am I doing wrong? I prefer not to use DMZ since it will automatically forward all Internet port requests which aren't forwarded to any of the other computers, which makes my computer quite vulnerable, right? (I am using the Windows XP firewall, but still.)
    Thanks in advance!
    Edit 1: I have UPNP enabled
    Edit 2: I have Remote Desktop excluded in the Windows firewall, but that's logical since Remote Desktop does work from another network computer and with DMZ enabled
    Edit 3: I'm the only one in our network who is using remote desktop
    Edit 4: I also tried to forward all these ports to my pc: 22, 65301, 5631-5632
    The DMZ screen allows one local PC to be exposed to the Internet for use of a special-purpose service such as
    Internet gaming and videoconferencing through Software DMZ. Whereas Port Range Forwarding can only forward
    a maximum of 10 ranges of ports, DMZ hosting forwards all the ports for one PC at the same time.
    Message Edited by PulpVictim on 07-06-2007 02:30 AM

    Enable the logs on your router. Then try to do remote desktop. It will fail of course. After it does, view the logs, there might be ports listed in the incoming logs that you failed to forward.

  • Not able to ping to this IP

    Hi,
    Please see the attached diagram. This is the setup.
    From the PC VLAN (VLAN 200) I am able to ping the other servers on VLAN 300 except these two servers, 172.19.100.101 & 172.19.100.102.
    I don't know why I can't ping these 2 servers. I suspect it is because of this firewall, but I don't know about the configuration.
    Please help me to verify.
    Below is the config of the PIX
    ======================
    klccPix# sh run
    : Saved
    PIX Version 6.3(1)
    interface ethernet0 auto
    interface ethernet1 auto
    interface ethernet2 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    nameif ethernet2 intf2 security4
    enable password fgDKmzUvSvGTzykR encrypted
    passwd fgDKmzUvSvGTzykR encrypted
    hostname klccPix
    domain-name IST.COM
    clock timezone MYT 8
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol ils 389
    fixup protocol pptp 1723
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    names
    name 172.19.100.23 Linux_File_Srv
    name 172.19.0.0 IsetanKLCC_LAN
    name 203.127.255.65 NECSAP_Admin
    name 172.19.100.11 Database_Srv
    name 172.29.0.0 isetanKLCC_LAN2
    name 203.127.251.181 NECSAP_DB
    name 203.127.251.254 NECSG
    name 175.145.155.50 necare
    name 202.46.125.251 OU_Mgmt
    access-list inside_access_in permit tcp host Linux_File_Srv any
    access-list inside_access_in permit tcp host Linux_File_Srv any eq domain
    access-list inside_access_in permit udp host Linux_File_Srv any eq domain
    access-list inside_access_in permit icmp host Linux_File_Srv any
    access-list inside_access_in permit icmp host Database_Srv any echo-reply
    access-list inside_access_in permit tcp host Database_Srv any object-group DB_access
    access-list inside_access_in permit tcp any any object-group Email_Services
    access-list inside_access_in permit tcp any any eq domain
    access-list inside_access_in permit udp any any eq domain
    access-list inside_access_in permit icmp any any
    access-list inside_access_in permit tcp any any object-group Linux_Services
    access-list inside_access_in permit tcp host 172.19.100.64 any
    access-list outside_access_in permit tcp host NECSAP_Admin host 203.115.205.28 object-group Linux_Services
    access-list outside_access_in permit tcp any host 203.115.205.28 eq https
    access-list outside_access_in permit tcp any host 203.115.205.28 object-group ssh_defined
    access-list outside_access_in permit icmp host NECSG host 203.115.205.29 log
    access-list outside_access_in permit tcp host NECSG host 203.115.205.29 object-group DB_access log
    access-list outside_access_in permit icmp host 60.49.155.154 host 203.115.205.29 log
    access-list outside_access_in permit tcp host 60.49.155.154 host 203.115.205.29 object-group DB_access log
    access-list outside_access_in permit tcp object-group NEC_ASIA host 203.115.205.28 object-group ssh_defined
    access-list outside_access_in permit ip 172.19.100.96 255.255.255.240 interface inside
    access-list outside_access_in permit tcp any host 203.115.205.30 object-group RDP
    access-list outside_access_in permit tcp any host 203.115.205.26 object-group RDP
    access-list outside_access_in permit tcp any host 172.19.100.20 eq https
    access-list inside_outbound_nat0_acl permit ip any 172.19.100.96 255.255.255.240
    access-list inside_outbound_nat0_acl permit ip any host 172.59.1.1
    access-list outside_cryptomap_dyn_20 permit ip any 172.19.100.96 255.255.255.240
    no pager
    logging on
    logging timestamp
    logging trap warnings
    logging facility 22
    logging device-id string pixfirewall
    logging host inside Linux_File_Srv
    icmp permit host necare outside
    icmp permit host 219.92.227.57 outside
    icmp permit IsetanKLCC_LAN 255.255.0.0 inside
    mtu outside 1500
    mtu inside 1500
    mtu intf2 1500
    ip address outside 203.115.205.27 255.255.255.248
    ip address inside 172.19.100.20 255.0.0.0
    no ip address intf2
    ip verify reverse-path interface outside
    ip verify reverse-path interface inside
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool klccippool 172.19.100.96-172.19.100.99
    arp timeout 14400
    global (outside) 10 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 10 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 203.115.205.28 Linux_File_Srv netmask 255.255.255.255 0 0
    static (inside,outside) 203.115.205.29 Database_Srv netmask 255.255.255.255 0 0
    static (inside,outside) 203.115.205.30 172.19.100.17 netmask 255.255.255.255 0 0
    static (inside,outside) 203.115.205.26 172.19.100.64 netmask 255.255.255.255 0 0
    static (inside,outside) 172.19.100.20 172.19.100.20 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface inside
    route outside 0.0.0.0 0.0.0.0 203.115.205.25 1
    route inside 172.19.100.64 255.255.255.255 172.19.100.20 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    http server enable
    http 0.0.0.0 0.0.0.0 outside
    http 172.19.100.64 255.255.255.255 inside
    klccPix#

    Hi Khairul_nizam,
    From your diagram we can understand that the inter-VLAN routing is done by the router (router on a stick).
    Since you are trying to access the servers from within your network, I do not think we need to check the firewall configuration.
    The switch provided in the diagram is an L2 switch (access layer switch).
    In order to help you, please post the configuration of your router:
    Configuration of the router
    IOS version, make and model number
    Configuration of the switch
    Make, model number and IOS version used.
    Potha

  • Client not able to access EJB deployed in Oracle8i

    Hi,
    After a lot of pain, I was able to deploy an EJB in the Oracle8i DB.
    Now I am facing problems when the client makes a request to get the reference of this deployed EJB.
    This is the error I receive :
    "C:\JDeveloper3.0\java1.2\jre\bin\javaw.exe" -mx50m -classpath "C:\sandeep\JDeveloper3.0\class;C:\JDeveloper3.0\lib\jdev-rt.zip;C:\JDeveloper3.0\jdbc\lib\oracle8.1.5\classes111.zip;C:\JDeveloper3.0\lib\connectionmanager.zip;C:\JDeveloper3.0\li b\javax_ejb.zip;C:\JDeveloper3.0\aurora\lib\aurora_client.jar;C:\JDeveloper3.0\aurora\lib\vbjorb.jar;C:\JDeveloper3.0\aurora\lib\vbjapp.jar;C:\JDeveloper3.0\aurora\lib\vbjtools.jar ;C:\JDeveloper3.0\aurora\lib\vbj30ssl.jar;C:\sandeep\JDeveloper3.0\project\MyEJBRemoteSource.jar;C:\sandeep\JDeveloper3.0\project\MyEJBRemoteGenerated.jar;C:\JDeveloper3.0\java1.2\ jre\lib\rt.jar;C:\JDeveloper3.0\lib\jboejb.jar" LearnEJBPack.EJBClient
    Creating an initial context
    Looking for the EJB published as 'test/MyEJBClass'
    java.lang.NoClassDefFoundError: oracle.aurora.rdbms.ClassResolver
    java.lang.Object oracle.aurora.jndi.sess_iiop.sess_iiopURLContextFactory.getObjectInstance(java.lang.Object, javax.naming.Name, javax.naming.Context, java.util.Hashtable)
    javax.naming.Context javax.naming.spi.NamingManager.getURLContext(java.lang.String, java.lang.Object, java.util.Hashtable)
    javax.naming.Context javax.naming.spi.NamingManager.getURLContext(java.lang.String, java.util.Hashtable)
    javax.naming.Context javax.naming.InitialContext.getURLOrDefaultInitCtx(java.lang.String)
    java.lang.Object javax.naming.InitialContext.lookup(java.lang.String)
    void LearnEJBPack.EJBClient.main(java.lang.String[])
    Exception in thread main
    I do not understand why it is not able to find
    oracle.aurora.rdbms.ClassResolver.
    Do I also need to load some other classes?
    Let me know.
    Thanks
    Sandeep
    Details : JDeveloper 3.0 Oracle 8.1.5i Windows 2000

    Hi Giri,
    I pasted the SQL Server Help file content here:
    Using the Local Service Account
    The Local Service account is a special, built-in account that is similar to an authenticated user account.
    The Local Service account has the same level of access to resources and objects
    as members of the Users group. This limited access helps safeguard your system
    if individual services or processes are compromised. Services that run as the Local
    Service account access network resources as a null session with no credentials.
    Using the Network Service Account
    The Network Service account is a special, built-in account that is similar to an authenticated
    user account. The Network Service account has the same level of access to resources and
    objects as members of the Users group. Services that run as the Network Service account
    access network resources using the credentials of the computer account.
    Important: 
    Microsoft recommends that you do not use the Network Service account for the SQL Server
    or SQL Server Agent services. Local User or Domain User accounts are more appropriate
    for these SQL services.
    Using the Local System Account
    The Local System account is a highly privileged account; use caution when assigning
    Local System permissions to SQL Server service accounts.
    Security Note: 
    To increase the security of your SQL Server installation, run SQL Server services under
    a local Windows account with the lowest possible privileges.
    Regards
    Jambulingam.P
    Edited by: Jambulingam P on Aug 12, 2009 1:58 PM

  • Clients not able to join beyond 256

    Hi
    We are using a Cisco 2125 wireless controller with 8 LWAP 1252s; the APs also get their IP from a Windows DHCP server (172.29.70.0/23). When the clients on the controller reach 256, further clients are not able to join the wireless network.
    Will a DHCP vendor class or user class solve this issue? Please guide me.
    thanks
    Karthik

    Well, it's totally expected then, as that is the maximum number of clients supported by the 2125.
    If you have that many clients you should look into having more APs and a more powerful WLC. That limit is not just there for marketing purposes. It looks like your network is under-powered compared to its real usage.
    Regards,
    Nicolas

  • [T400] Cisco VPN client not working over wireless adapter (but works on cabled connection)

    I have a very strange problem. 
    I need to connect to my work via the cisco vpn client (version 5.0.00.0340). 
    My previous laptop (T43 , windows XP) worked well through both wired / wireless connections.  My desktop machine (vista) works via wired connection (it has no wireless connection). 
    On my new T400, the VPN client works via a wired connection but not via the wireless adapter.  
    On the wireless adapter, the VPN seems to connect OK, but when I try to access resources via the VPN there is little response.
    I get this in the vpn log...
    405   08:56:57.073  04/16/09  Sev=Warning/2 IPSEC/0xE3700003
    Function CniInjectSend() failed with an error code of 0xa4510009 (IPSecDrvCB:846)
    I've tried disabling the firewall (on both the T400 and the router), removed access connections, and disabled TCP v6. I've rebooted everything too.
    But nothing seems to work. I suspect the problem is on the T400 somewhere, because the old laptop used to work OK via wireless.
    I've seen some google links on cisco vpn not working via  wireless but nothing seems to apply to my exact situation yet. 
    Anyone else had this problem or know of a fix? Thanks in advance. 

    all good now, got it working. 
    The Deterministic network thing was not installed on the wireless adapter for some reason.
    So, I installed the latest wireless driver, reinstalled the vpn and all is good now.  

  • SCCM client not able to find MP

    Hi,
    I just deployed an SCCM 2012 R2 primary site as a standalone, but the clients are not able to find their MP.
    The boundary is the default AD site. DNS and the domain are also working properly.
    Here are the LocationServices logs:
    Refreshed security settings over MP  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    No security settings update detected.  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Unexpected row count (0) retrieved from AD.  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Failed to refresh Site Signing Certificate over AD with error 0x80004005.  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve lookup MP(s) from AD  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Unexpected row count (0) retrieved from AD.  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    No lookup MP(s) from AD  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve lookup MP(s) from DNS  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Using default DNS suffix AIRWORKS.IN  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve default management points from DNS  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Found DNS record of awisccm.airworks.in port 80  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Lookup Management Points from DNS:  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Name: 'awisccm.airworks.in' HTTPS: 'N' ForestTrust: 'N'  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Retrieved lookup MP(s) from DNS  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve site information from lookup MP(s) via HTTP  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    LSGetSiteInformationFromManagementPoint('AWI'): Assignment Site Code [AWI], Version [5.00.7958.1000], Capabilities [<Capabilities SchemaVersion="1.0"/>], Client Operational Settings [<ClientOperationalSettings><Version>5.00.7958.1501</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>224</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert[...]iteSigningCert></SecurityConfiguration></ClientOperationalSettings>].  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Refreshed Site Signing Certificate over MP  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve lookup MP(s) from AD  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Unexpected row count (0) retrieved from AD.  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    No lookup MP(s) from AD  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve lookup MP(s) from DNS  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Using default DNS suffix AIRWORKS.IN  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve default management points from DNS  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Found DNS record of awisccm.airworks.in port 80  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Lookup Management Points from DNS:  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Name: 'awisccm.airworks.in' HTTPS: 'N' ForestTrust: 'N'  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Retrieved lookup MP(s) from DNS  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Unable to retrieve compatible MP(s) from AD  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve default management points from lookup MP(s) via HTTP  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Current AD site of machine is Default-First-Site-Name  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Default Management Points from MP:  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Name: 'AWISCCM.AIRWORKS.IN' HTTPS: 'N' ForestTrust: 'Y'  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    LSUpdateInternetManagementPoints  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Current AD site of machine is Default-First-Site-Name  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    LSUpdateInternetManagementPoints: No internet MPs were retrieved from MP AWISCCM.AIRWORKS.IN, clearing previous list.  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Persisting the default management points in WMI  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Default Management Points from MP:  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Name: 'AWISCCM.AIRWORKS.IN' HTTPS: 'N' ForestTrust: 'Y'  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Persisted Default Management Point Locations locally  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Current AD site of machine is Default-First-Site-Name  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Attempting to retrieve local MPs from the assigned MP  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Current AD site of machine is Default-First-Site-Name  LocationServices  2/10/2015 3:57:34 PM  4456 (0x1168)
    Current AD site of machine is Default-First-Site-Name  LocationServices  2/10/2015 3:57:35 PM  4456 (0x1168)
    MPLIST requests are throttled for 00:04:24  LocationServices  2/10/2015 3:57:35 PM  724 (0x02D4)
    Current AD site of machine is Default-First-Site-Name  LocationServices  2/10/2015 3:57:35 PM  4456 (0x1168)
    Executing Task LSRefreshDefaultMPTask  LocationServices  2/10/2015 3:57:47 PM  4832 (0x12E0)
    Executing Task LSTimeOutRequestsTask  LocationServices  2/10/2015 3:57:47 PM  5436 (0x153C)
    Executing Task LSRefreshLocationsTask  LocationServices  2/10/2015 3:57:47 PM  324 (0x0144)
    Unexpected row count (0) retrieved from AD.  LocationServices  2/10/2015 3:57:47 PM  4560 (0x11D0)
    Shailendra Dev
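    The log above is easier to act on once the wrapped viewer output is rebuilt into entries and the few lines that matter are pulled out: every AD query returning 0 rows, the 0x80004005 HRESULT, the fall-back to a DNS record, and the MP being contacted over plain HTTP. The parser below does that. It is an added example, neither from the original post nor from Configuration Manager itself; the sample lines are constructed from the excerpt above and the message/component/date/time/thread layout mirrors the viewer output as posted.

    ```python
    """Triage a flattened Configuration Manager LocationServices.log excerpt.

    Added example (not part of the post, not Configuration Manager code).
    SAMPLE_LOG is constructed from the lines quoted in the post, with each
    entry's fields spread over up to three lines exactly as they were posted.
    """
    import re
    from typing import Dict, List

    SAMPLE_LOG = """\
    Attempting to retrieve lookup MP(s) from AD
    LocationServices 2/10/2015 3:57:34 PM
    4456 (0x1168)
    Unexpected row count (0) retrieved from AD.
    LocationServices 2/10/2015 3:57:34 PM
    4456 (0x1168)
    No lookup MP(s) from AD LocationServices
    2/10/2015 3:57:34 PM 4456 (0x1168)
    Failed to refresh Site Signing Certificate over AD with error 0x80004005.
    LocationServices 2/10/2015 3:57:34 PM
    4456 (0x1168)
    Found DNS record of awisccm.airworks.in port 80
    LocationServices 2/10/2015 3:57:34 PM
    4456 (0x1168)
    Name: 'awisccm.airworks.in' HTTPS: 'N' ForestTrust: 'N'
    LocationServices 2/10/2015 3:57:34 PM
    4456 (0x1168)
    Retrieved lookup MP(s) from DNS LocationServices
    2/10/2015 3:57:34 PM 4456 (0x1168)
    """

    # One entry = message, component, date, time, thread id (decimal and hex).
    ENTRY_RE = re.compile(
        r"(?P<msg>.*?)\s+(?P<component>\S+)\s+"
        r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+"
        r"(?P<tid>\d+) \((?P<tid_hex>0x[0-9A-Fa-f]+)\)"
    )
    AD_ZERO_RE = re.compile(r"Unexpected row count \(0\) retrieved from AD")
    HRESULT_RE = re.compile(r"0x8[0-9A-Fa-f]{7}")          # failure HRESULTs such as 0x80004005
    DNS_MP_RE = re.compile(r"Found DNS record of (?P<host>\S+) port (?P<port>\d+)")
    MP_FLAGS_RE = re.compile(
        r"Name: '(?P<name>[^']+)' HTTPS: '(?P<https>[YN])' ForestTrust: '(?P<ft>[YN])'")


    def parse_entries(text: str) -> List[Dict[str, str]]:
        """Collapse the line wrapping, then split the text back into log entries."""
        flat = " ".join(text.split())
        entries = []
        for m in ENTRY_RE.finditer(flat):
            entry = m.groupdict()
            entry["msg"] = entry["msg"].strip()
            entries.append(entry)
        return entries


    def summarise(entries: List[Dict[str, str]]) -> dict:
        """Extract the facts an admin needs: AD lookups, DNS fallback, MP flags, errors."""
        summary: dict = {"ad_zero_rows": 0, "error_codes": [], "dns_mps": [],
                         "mp_flags": [], "findings": []}
        for e in entries:
            msg = e["msg"]
            if AD_ZERO_RE.search(msg):
                summary["ad_zero_rows"] += 1
            for code in HRESULT_RE.findall(msg):
                summary["error_codes"].append(code)
                summary["findings"].append(f"{code} logged: {msg}")
            dns = DNS_MP_RE.search(msg)
            if dns:
                summary["dns_mps"].append((dns.group("host"), int(dns.group("port"))))
            flags = MP_FLAGS_RE.search(msg)
            if flags:
                summary["mp_flags"].append({"name": flags.group("name"),
                                            "https": flags.group("https") == "Y",
                                            "forest_trust": flags.group("ft") == "Y"})
        if summary["ad_zero_rows"] and summary["dns_mps"]:
            summary["findings"].append(
                "AD queries returned no rows and the client fell back to DNS for its MP: "
                "check that the site is published to AD (System Management container, "
                "schema extension).")
        for mp in summary["mp_flags"]:
            if not mp["https"]:
                summary["findings"].append(
                    f"MP {mp['name']} is used over plain HTTP: client/MP traffic is not "
                    "TLS-protected.")
        return summary


    if __name__ == "__main__":
        for finding in summarise(parse_entries(SAMPLE_LOG))["findings"]:
            print("-", finding)
    ```

    Feed it the full log and the counts tell you whether the AD lookup ever succeeds; in the excerpt above it never does, which is why every MP the client ends up with comes from the DNS record on port 80.
    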

    Hi Jeff,
    I am using the AD default site as a boundary, and all the locations' ADC servers are in the default site only.
    There are no other sites in AD, and there are no subnets added in AD Sites and Services either. Do I need to add all the LAN subnets in AD subnets? Is this mandatory for auto site assignment and automatic content location for the clients?
    Shailendra Dev

  • Not able to find Remote roles in User Management

    We are using RRA for sharing content between two portals. In the consumer portal PCD, the content and roles of the producer portal are showing perfectly. But when I try to find the roles in User Management in the consumer portal, these remote roles are not showing, and subsequently we are not able to assign these remote roles to our local users. I have checked the connection and permissions. Please help.

    1. Please make sure that the server clocks on the producer and consumer portals are synchronized. One of the prerequisites for FPN is that the server clocks of the producer portal and consumer portal must be synchronized at all times.
    2. When you are not able to see a remote role, test your SSO between consumer and producer. You can do this by logging in first to your consumer, then changing the URL to that of the producer and hitting Enter. If SSO is working correctly, you should be logged into the producer portal without having to log in again.
    Thanks,
    Shanti
